You are here

Security

For many enterprises, the move to cloud computing raises security concerns, but when applications and infrastructure are architected with attention to security, cloud platforms can be just as secure as those on-premises.Read more

Early adopters of the cloud computing model had to fight the perception that no Infrastructure-as-a-Service (IaaS) provider could be as security-conscious as their own organizations. Over the last several years, as public cloud providers have gotten better about communicating their security features, that view has changed, according to the cloud strategists we talked with. For most organizations...Read more

A regular tune-up can help any enterprise improve its cloud operations and potentially save money. Here are 20 simple tips that can help you save money, improve server utilization, improve cloud security and availability, and otherwise optimize your cloud infrastructure.Read more

Cloud computing, DevOps, and agile methodologies often go hand-in-hand to help developers create applications quickly to meet business demands. As organizations move critical business applications to the cloud, compliance with security policies, regulations, and internal engineering standards becomes more important. How can you maintain the benefits that come with cloud, DevOps, and agile...Read more

The U.S. Department of Health and Human Services' (HHS) Omnibus Rule finalizes all the former interim rules for Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) compliance. There are a number of changes and exceptions that organizations need to consider before enforcement begins on September 23, so we've broken...Read more

PCI compliance in the public cloud is a growing topic of concern and interest. Some people claim one can be a PCI-compliant merchant using a public IaaS cloud, while others say that's impossible. I am a former Qualified Security Assessor (QSA) and have participated in multiple PCI working groups, and I'm firmly in the former camp. PCI compliance in the cloud is possible, but the hardest part is...Read more

Security has been one of the top challenges in every survey on cloud computing in the last five years. Yet public cloud providers have continued to beef up their security offerings, and not everyone realizes how far providers have come in providing tools that enable customers to follow security best practices . This week AWS took a giant step forward to address a major cloud security challenge...Read more

In my experience helping RightScale customers who are at varying points in the cloud adoption spectrum from investigating IaaS to launching a POC to already using IaaS for production applications, I see quite a bit of confusion about how to actually “do” security in the cloud, particularly in IaaS. And the sheer volume of vendor cloud washing and sales FUD that is being perpetuated makes it even...Read more

We have been busy this summer working on a number of security- and governance-related features for our Enterprise Edition customers, who are typically large organizations that have well-defined internal user identity and compliance structures. With the latest RightScale release , we have improved or added on to the following features: Managed SSH Login Single Sign-On with SAML API-Based...Read more

Over the past few years, I have heard many folks assert that one can be a PCI-compliant merchant using public IaaS cloud, and I have heard just as many state that it's not possible. In retrospect, I have found most of them - including myself - to be misinformed. After gaining more firsthand experience, I feel confident telling you where I sit at this state in the game on the question: “Can I be...Read more